<?php

/**
 * MVM_MALL 网上商店系统  贝宝支付
 * ============================================================================
 * 版权所有 (C) 2007-2010 www.mvmmall.com，并保留所有权利。
 * 网站地址: http://www.mvmmall.com
 * ----------------------------------------------------------------------------
 * 这是一个免费开源的软件；这意味着您可以在不用于商业目的的前提下对程序代码
 * 进行修改、使用和再发布。
 * ============================================================================
 * $Author:  www.mvmmall.com  $
 * $Date: 2008-02-25 $
 * $Id: cart.php  www.mvmmall.com$
 * ---------------------------------------------
*/

if(!defined('MVMMALL')){
    exit('Access Denied');
}
//插件的代码必须和文件名保持一致
$payment['paypal']['name']    = 'paypal';
//描述
$payment['paypal']['desc']    = 'paypal';

//支付费用
$payment['paypal']['pay_fee'] = '0%';

// 是否支持在线支付
$spayment['paypal']['online']  = 1;

//否支持货到付款
$payment['paypal']['cod']     = 0;

//申请地址
$payment['paypal']['reg']     = 'https://www.paypal.com/us/cgi-bin/webscr?cmd=_registration-run';

//版权信息
$payment['paypal']['license']  = '版权所有www.mvmmall.com';

//接口需要的参数
$payment['paypal']['cfg'] =array(
        array('name' => 'business', 'value' => '','label'=>'商户帐号'),
        array('name' => 'currency_code', 'value' => 'USD','label'=>'支付货币','type'=>'1'),
    );
    
class paypal
{
    var $cfg;
    function paypal($cfg = array())
    {
        foreach ($cfg AS $key=>$val)
        {
            $this->cfg[$val['name']] = $val['value'];
        }
    }
    
/*提交支付请求*/
function pay_send($sn,$amount)	{
    $notify_url = MVMMALL_DIR."/respond.php?code=".basename(__FILE__, '.class.php');
   $invoice= time();
    $result="
            <FORM  name=re METHOD=post ACTION='https://www.paypal.com/cgi-bin/webscr' target='_blank'>
			<input type='hidden' name='cmd' value='_xclick'>
			<input type='hidden' name='business' value='{$this->cfg[business]}'>
			<input type='hidden' name='return' value='$PHP_SELF'>
			<input type='hidden' name='amount' value='$amount'>
			<input type='hidden' name='invoice' value='$invoice'>
			<input type='hidden' name='charset' value='utf-8'>
			<input type='hidden' name='no_shipping' value='1'>
			<input type='hidden' name='no_note' value=''>
			<input type='hidden' name='currency_code' value='{$this->cfg[currency_code]}'>
			<input type='hidden' name='notify_url' value='$notify_url'>
			<input type='hidden' name='item_name' value='$sn'>
			<input type='image' name='PayBtnUrl' src='images/pay/paypal.gif'>
			</FORM>
				";
    $result=trim($result);
    return   $result;
    
}
    /**
     * 提交返回处理*
     */
    function pay_receive()
    {
        $merchant_id    = $this->cfg[business];               ///获取商户编号
        // read the post from PayPal system and add 'cmd'
        $req = 'cmd=_notify-validate';
        foreach ($_POST as $key => $value){
            $value = urlencode(stripslashes($value));
            $req .= "&$key=$value";
        }
        // post back to PayPal system to validate
        $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
        $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
        $header .= "Content-Length: " . strlen($req) ."\r\n\r\n";
        $fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);
        // assign posted variables to local variables
        $item_name = $_POST['item_name'];
        $item_number = $_POST['item_number'];
        $payment_status = $_POST['payment_status'];
        $payment_amount = $_POST['mc_gross'];
        $payment_currency = $_POST['mc_currency'];
        $txn_id = $_POST['txn_id'];
        $receiver_email = $_POST['receiver_email'];
        $payer_email = $_POST['payer_email'];
        $order_sn = $_POST['invoice'];
        $action_note = $txn_id . '（paypal 交易号）' . $_POST['memo'];

        if (!$fp)
        {
            fclose($fp);

            return false;
        }
        else
        {
            fputs($fp, $header . $req);
            while (!feof($fp))
            {
                $res = fgets($fp, 1024);
                if (strcmp($res, 'VERIFIED') == 0){
                    // check the payment_status is Completed
                    if ($payment_status != 'Completed'){
                        fclose($fp);
                        return false;
                    }

                    // check that txn_id has not been previously processed
                    
                    // check that receiver_email is your Primary PayPal email
                    if ($receiver_email != $merchant_id)
                    {
                        fclose($fp);
                        return false;
                    }

                    // check that payment_amount/payment_currency are correct
                    if ($payment_currency != '$data_pay_account')
                    {
                        fclose($fp);

                        return false;
                    }
                    
                    //比较返回的订单号和金额与数据库中的金额是否相符
                $v_oid= strip_tags($$item_name);
                $list = order_info($v_oid);
                if ($list[order_amount]==$payment_amount){
                    /* 改变订单状态*/
                    change_order($v_oid);
                     fclose($fp);
                    return true;
                }else {
                    return false;
                }
         
                }
                elseif (strcmp($res, 'INVALID') == 0)
                {
                    // log for manual investigation
                    fclose($fp);

                    return false;
                }
            }
        }
     
    }
}